from the for-no-clear-reason dept

Well, it looks like all the fearmongering about hackers shutting down electrical grids and making planes fall from the sky is working. No matter that there's no evidence of any actual risk, or that the only real issue is if anyone is stupid enough to actually connect such critical infrastructure to the internet (the proper response to which is: take it off the internet), fear is spreading. Of course, this is mostly due to the work of a neat combination of ex-politicians/now lobbyists working for defense contractors who stand to make a ton of money from the panic -- enabled by politicians who seem to have no shame in telling scary bedtime stories that have no basis in reality.

But it's all working. And, by working, I mean scaring the public unnecessarily. As reported by Wired, a new survey from Unisys finds that Americans are more worried about cybersecurity threats than terrorism, and they seem pretty worried about those threats. When asked about which security issues were the highest priority, survey respondents noted:

Protecting government computer systems against hackers and criminals (74 percent)

Of course, it's likely that the vast majority of the American public has absolutely no idea what the actual risk is of any of these things happening. But they are familiar with computers, and there's been a lot of talk about cybersecurity lately, so "ooooooh, scary!" Now, here's where the mainstream press could come in and point out the lack of evidence for any real or significant cybersecurity threat and help people realize that they might be best off focusing their attention elsewhere. But talking about planes falling from the sky is much more fun.

That 61% number certainly sounded pretty high, and I was doubly skeptical when I read that the study came from Unisys, a security company who clearly stands to profit from greater "worries" about the still apparently bogus concept of "cyberwar." And, of course, people always point out that you can get a survey to say pretty much anything you want, depending on how you ask the question. So I went digging to see if I could find exactly what question Unisys (and its partner Lieberman Research Group) used to get this result. It took a bit of searching, but here's the question:

If there were clear evidence of a malicious cyber-security attack by a foreign government against our military, civilian government, electrical grid, financial systems, or other critical infrastructure, should the President have the authority to take control of or effectively shut down portions of the Internet to mitigate a crisis?

First of all, that's a big, big "if" right at the beginning there. Second, all of this assumes that an attack on the military, the government, the electrical grid, the financial system or other "critical infrastructure" could actually come via the internet. This isn't a reason to support an internet kill switch. It's a reason to get people to ask more reasonable questions, rather than broadbased scary questions, without highlighting the corresponding concerns, civil liberties issues and other worries. If you make any question "scary" enough, you can get people to agree with you, but that hardly means that people would actually want such a kill switch if they understood (a) the likelihood of such an attack, (b) what such a "kill switch" would actually mean, and (c) what alternatives there are.

In other words, this is pure propaganda from Unisys, rather than any bit of meaningful data.

from the intrusion-prevention-is-supposed-to,-you-know,-prevent-intrusions dept

Following the stories of Chinese hackers breaking into US Defense Department computers, it appears that the FBI is investigating Unisys for its inability to prevent those and other hacks. Apparently, the government is paying Unisys $1 billion to manage the computer systems for the Department of Homeland Security -- which would include preventing them from being hacked. Unisys, for its part, claims that its intrusion protection system worked and it reported the security incidents. Of course, from the sound of things, the hacks still occurred so whatever "warnings" Unisys sent didn't quite do the job. Of course, the FBI isn't really one to talk about the inability to keep computer systems working.